[As a personal note by OP: This is about Australia, but it perfectly applies to any democracy on the globe as well imho.]
Warnings this week from the Australian Security Intelligence Organisation (ASIO) about sabotage threats marked an important shift in tone.
And they raise important questions about how the Australian government should respond.
Breaking from past practice, ASIO Director-General Mike Burgess said Chinese state-linked hackers have scanned, mapped and in some cases infiltrated Australian critical infrastructure.
According to Burgess, these groups are no longer focused on stealing information. They are preparing to disrupt or shut down key systems in a future crisis.
…
Burgess described [that] this threat does not involve persuasion or interference in debate. It is about the ability to disable telecommunications, shut down water systems, interrupt electricity supplies or damage the financial system.
This is preparation to use coercion during a crisis. One can imagine a scenario where Australia’s ability to respond to a blockade or invasion of Taiwan is hampered by a shutdown of critical infrastructure.
Burgess is therefore right to highlight the seriousness of the threat. China has shown that control of digital systems is central to geopolitical competition. Maintaining access to foreign infrastructure is a strategic advantage. As Australia becomes more reliant on digital networks, weaknesses in those systems become national security concerns.
…
There is, however, a second issue that deserves attention. In responding to foreign cyber threats, Australia risks adopting some of the very same digital tools used in authoritarian states such as Russia and China.
Research on digital authoritarianism shows that many authoritarian governments use control of digital networks to manage their own populations. They monitor citizens, limit information and use technology to enforce political order.
…
Burgess’ warning suggests this model is being exported. The aim is to control digital life at home, but also to gain the ability to interfere with digital systems overseas if needed.
In recent years, Australian governments have proposed measures that go well beyond traditional cybersecurity. These include mandatory age checks for social media, strict online limits for minors and expanding the duties of technology companies to assist with national security goals.
These proposals are framed as necessary for public safety. Yet they show a willingness to extend state power deeper into digital life.
…
Burgess’ speech at a business conference reinforces this trend. He addressed government agencies but also corporate boards, telling them national security is now their responsibility, as well.
Much of Australia’s critical infrastructure is owned or operated by private companies. Expecting these companies to act as extensions of national security policy risks blurring the line between public and private roles.
…
A defining feature of digital authoritarianism is the merger of state security priorities with corporate behaviour. If this boundary weakens, Australia could slowly move toward practices it has long opposed.
It is possible to strengthen national resilience without taking this path. A democratic society can defend its networks and deter cyber threats while maintaining openness and accountability.
Burgess is correct that Australia faces a serious and evolving challenge. China’s cyber operations reflect wider geopolitical changes. But an effective response requires protecting both infrastructure and democratic norms.
…
Stronger cyber defences are necessary, but they must come with clear limits on state power, transparent rules for data access and protections for speech.
China’s cyber operations, which are part of a wider strategic contest, are indeed a serious threat. But if Australia reacts by expanding security powers without restraint, it risks weakening the freedoms it aims to defend.
eureka@aussie.zone 13 hours ago
When it comes to the cybersecurity threats presented by our largest traditional adversaries, there are broad differences in their goals. For example, DPRK (North Korea) have heavy sanctions and frequently prefer profit/ransom attacks. The PRC (China) generally seems to prefer long-term access, rather than immediate sabotage, exfiltrating information or profiteering. Which matches up with what Burgess is discussing; I’m just surprised to see this framed in the article as a new strategy.
I definitely agree with the article that the upcoming safety/censoring measures are a dangerous overextension, and have mixed feelings about them being framed as state security measures.
However, I disagree with the author over their general concern of state security blurring into private business, especially in a country where much of critical national infrastructure is privatised. When it comes to digital security, rather than social and political aspects like censorship and safety, that interference is generally beneficial; I don’t believe in companies’ freedom to leave a big hole in their fence.